summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2021-11-15 23:49:12 +0059
committerGregor Kleen <gkleen@yggdrasil.li>2021-11-15 23:49:12 +0059
commitebb22b579dbcc095411fe907d7be978cab7e05f2 (patch)
treef43f5e9a9a161be2640a77e4e6f1e9eadc1e60ee
parent1c5d5675d5813e8e0fda2f73fb999e7f4d4367a8 (diff)
downloadnixos-ebb22b579dbcc095411fe907d7be978cab7e05f2.tar
nixos-ebb22b579dbcc095411fe907d7be978cab7e05f2.tar.gz
nixos-ebb22b579dbcc095411fe907d7be978cab7e05f2.tar.bz2
nixos-ebb22b579dbcc095411fe907d7be978cab7e05f2.tar.xz
nixos-ebb22b579dbcc095411fe907d7be978cab7e05f2.zip
vidhar: ...
-rw-r--r--hosts/vidhar/default.nix20
1 files changed, 9 insertions, 11 deletions
diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix
index f3c313d0..039101be 100644
--- a/hosts/vidhar/default.nix
+++ b/hosts/vidhar/default.nix
@@ -91,11 +91,9 @@
91 { from = 60000; to = 61000; } # mosh 91 { from = 60000; to = 61000; } # mosh
92 ]; 92 ];
93 extraCommands = '' 93 extraCommands = ''
94 set -x 94 ip46tables -D FORWARD -j nixos-fw-forward || true
95 95 ip46tables -F nixos-fw-forward || true
96 ip46tables -D FORWARD -j nixos-fw-forward 2>/dev/null || true 96 ip46tables -X nixos-fw-forward || true
97 ip46tables -F nixos-fw-forward 2> /dev/null || true
98 ip46tables -X nixos-fw-forward 2> /dev/null || true
99 97
100 ip46tables -N nixos-fw-forward 98 ip46tables -N nixos-fw-forward
101 ip46tables -A nixos-fw-forward -i eno1 -j ACCEPT 99 ip46tables -A nixos-fw-forward -i eno1 -j ACCEPT
@@ -108,9 +106,9 @@
108 ip46tables -A FORWARD -j nixos-fw-forward 106 ip46tables -A FORWARD -j nixos-fw-forward
109 107
110 108
111 ip46tables -t nat -D POSTROUTING -j nixos-fw-postrouting-nat 2>/dev/null || true 109 ip46tables -t nat -D POSTROUTING -j nixos-fw-postrouting-nat || true
112 ip46tables -t nat -F nixos-fw-postrouting-nat 2>/dev/null || true 110 ip46tables -t nat -F nixos-fw-postrouting-nat || true
113 ip46tables -t nat -X nixos-fw-postrouting-nat 2>/dev/null || true 111 ip46tables -t nat -X nixos-fw-postrouting-nat || true
114 112
115 ip46tables -t nat -N nixos-fw-postrouting-nat 113 ip46tables -t nat -N nixos-fw-postrouting-nat
116 iptables -t nat -A nixos-fw-postrouting-nat -o dsl -j MASQUERADE 114 iptables -t nat -A nixos-fw-postrouting-nat -o dsl -j MASQUERADE
@@ -118,9 +116,9 @@
118 ip46tables -t nat -A POSTROUTING -j nixos-fw-postrouting-nat 116 ip46tables -t nat -A POSTROUTING -j nixos-fw-postrouting-nat
119 117
120 118
121 ip46tables -t mangle -D POSTROUTING -j nixos-fw-postrouting-mangle 2>/dev/null || true 119 ip46tables -t mangle -D POSTROUTING -j nixos-fw-postrouting-mangle || true
122 ip46tables -t mangle -F nixos-fw-postrouting-mangle 2>/dev/null || true 120 ip46tables -t mangle -F nixos-fw-postrouting-mangle || true
123 ip46tables -t mangle -X nixos-fw-postrouting-mangle 2>/dev/null || true 121 ip46tables -t mangle -X nixos-fw-postrouting-mangle || true
124 122
125 ip46tables -t mangle -N nixos-fw-postrouting-mangle 123 ip46tables -t mangle -N nixos-fw-postrouting-mangle
126 ip46tables -t mangle -A nixos-fw-postrouting-mangle -o dsl -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu 124 ip46tables -t mangle -A nixos-fw-postrouting-mangle -o dsl -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu